Christian Doppler Laboratory for Automated Software Engineering

Software Engineering Tools for Industrial Automation

The goal of this module is to develop software development and software engineering methods and tools for industrial automation software, in particular reactive control systems. There are two subprojects in this module: (1) domain-specific languages for industrial automation and (2) testing and diagnosis of control programs.

Domain-specific Languages for Industrial Automation

Domain-specific modelling allows rapid development of applications based on models of the problem domain (i.e., the concepts) rather than on models of the solution domain (i.e., the code). It applies concepts and rules that are intuitive for experts in the respective domain, thus raising the level of abstraction while at the same time narrowing the design space.

The goal of this module is to develop new notations and tools for the specification and translation of domain-specific languages in the industrial automation domain. We explore new ways of building process automation systems from high-level models and domain-specific languages and of translating them into executable code that runs on a specialised virtual machine. We devise novel features for domain-specific languages such as hierarchical structuring, extensibility, exception handling, constraints and safety.

Special emphasis is put on the support of end-user programming, where we distinguish between two groups of end users: the first group uses the machinery and the software infrastructure of our partner to develop industrial automation software; the second group mainly uses the software developed by the first group but must still be able to configure and adapt it within certain limits.

In cooperation with KEBA AG, Linz

Testing and diagnosis of programmable logic controller programs

In this project we are developing methods and tools for debugging and fault diagnosis of PLC (programmable logic controller) programs written in the languages of the IEC 61131-3 standard. Analysing the dynamic behaviour of PLC applications and finding bugs in them has been shown to be extremely complicated and costly. Our work currently concentrates on three themes: (1) deterministic replay debugging of PLC programs, (2) techniques for extracting high-level views of program behaviour from execution traces, and (3) testing methods and tools for PLC software.

(1) Deterministic replay debugging is an approach to finding field failures in deployed software. It records an application run in the field so that it can deterministically be replayed offline in a development system for debugging purposes. To enable deterministic replay debugging, it is necessary to record all external influences and sources of non-determinism in the original program run. From that trace log and from a known initial state, the program can be replayed deterministically without requiring any connection to the original environment. We have developed a solution for deterministic replay debugging of hard real-time multi-tasking SoftPLC applications written in the IEC 61131-3 languages which works with minimal overhead and obeys real-time constraints.

(2) Based on the replay technology, we are currently developing a multi-level approach for extracting, abstracting, and visualising the behaviour of control programs from execution traces, with the goal of supporting program comprehension and defect localisation. As a first step we have developed a reengineering approach that recovers the reactive behaviour of a control program. The reactive behaviour is then analysed for recurring execution patterns, which serve as units for comparing runs and computing their differences.

(3) In this subproject we are working on testing methods and tools for PLC software. We are developing a unit-test framework for PLC programs by leveraging our replay technology for supporting regression testing.
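As an added example (not code from the laboratory or from KEBA), the following Python program illustrates the record/replay principle of subproject (1) and the replay-based regression testing of subproject (3) on a constructed toy level controller. The controller, its thresholds, and the sensor and clock data are assumptions made for the example; IEC 61131-3 task scheduling and real-time constraints are not modelled. The point it demonstrates is that a cyclic control program is deterministic given its initial state plus every external value it reads, so logging those values once per cycle is enough to reproduce the run offline and to reuse the log as a regression test for a changed program.

```python
"""Deterministic record/replay for a PLC-style scan-cycle program.

Added example, not code from the CD laboratory or KEBA.  The controller,
its thresholds and the field data below are constructed for illustration.
"""
import copy
import json
from dataclasses import dataclass
from typing import Dict, List

Inputs = Dict[str, int]
Outputs = Dict[str, bool]


@dataclass
class ControllerState:
    """Retained variables of the (constructed) tank-level controller."""
    pump_on: bool = False
    overfill_cycles: int = 0
    last_t_ms: int = -1


def scan_cycle(state: ControllerState, inputs: Inputs, high: int = 80) -> Outputs:
    """One scan of a toy level controller: hysteresis pump control, an
    overfill alarm after three consecutive readings above 95, and a
    cycle-time watchdog that depends on the clock (non-deterministic)."""
    level, t_ms = inputs["level"], inputs["t_ms"]
    if level < 20:
        state.pump_on = True
    elif level > high:
        state.pump_on = False
    state.overfill_cycles = state.overfill_cycles + 1 if level > 95 else 0
    overrun = state.last_t_ms >= 0 and t_ms - state.last_t_ms > 100
    state.last_t_ms = t_ms
    return {"pump": state.pump_on,
            "alarm": state.overfill_cycles >= 3,
            "overrun": overrun}


def patched_scan_cycle(state: ControllerState, inputs: Inputs) -> Outputs:
    """Hypothetical code change under test: pump-off threshold raised to 90."""
    return scan_cycle(state, inputs, high=90)


# Constructed "field" data: sensor readings and a jittery millisecond clock
# (the jump from 150 ms to 400 ms produces exactly one cycle overrun).
SENSOR_LEVELS = [10, 30, 60, 85, 97, 98, 99, 70, 15, 50]
CLOCK_MS = [0, 50, 100, 150, 400, 450, 500, 550, 600, 650]


def run_live(program, state, read_level, read_clock, cycles):
    """Run the program against live sources, logging every external value
    *before* the program consumes it.  Returns (trace lines, outputs)."""
    trace: List[str] = []
    outputs: List[Outputs] = []
    for _ in range(cycles):
        inputs = {"level": read_level(), "t_ms": read_clock()}
        trace.append(json.dumps(inputs))        # one JSON line per scan cycle
        outputs.append(program(state, inputs))
    return trace, outputs


def replay(program, initial_state, trace_lines):
    """Replay offline: same initial state, inputs taken only from the log,
    no connection to the sensors or to the real clock."""
    state = copy.deepcopy(initial_state)
    return [program(state, json.loads(line)) for line in trace_lines]


def record_run():
    """Record the constructed field run; returns (trace lines, outputs)."""
    level_src = iter(SENSOR_LEVELS).__next__
    clock_src = iter(CLOCK_MS).__next__
    return run_live(scan_cycle, ControllerState(), level_src, clock_src,
                    len(SENSOR_LEVELS))


def regression_diff(candidate, trace_lines, expected_outputs):
    """Regression test built on replay: indices of the cycles in which the
    candidate program's outputs differ from the recorded ones."""
    replayed = replay(candidate, ControllerState(), trace_lines)
    return [i for i, (a, b) in enumerate(zip(replayed, expected_outputs))
            if a != b]


if __name__ == "__main__":
    trace, live_outputs = record_run()
    assert replay(scan_cycle, ControllerState(), trace) == live_outputs
    print("replay reproduces all", len(live_outputs), "cycles; alarm at cycles",
          [i for i, o in enumerate(live_outputs) if o["alarm"]])
    print("patched program diverges at cycles",
          regression_diff(patched_scan_cycle, trace, live_outputs))
```

Two details carry the idea: the recorder logs the inputs before the program sees them, so the log is independent of what the program does with them, and the replay creates a fresh copy of the initial state and never touches a live source. In the regression check the patched program diverges at cycle 3 (reading 85 no longer switches the pump off), while all later cycles agree again once the level exceeds the new threshold.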

In cooperation with KEBA AG, Linz